Wednesday, 22 October 2014

OpenWRT x86 in VMware ESXi

In ESXi, routing, NAT and other advanced networking must be handled by a router virtual machine. DD-WRT is a fine example that runs stably, but it costs money to run it on x86.

You can use OpenWRT the same way as DD-WRT.
To create the image yourself, download an image and convert it using qemu-img.
I've used openwrt-x86-generic-combined-ext4.img.gz.

> qemu-img convert -f raw -O vmdk openwrt.img openwrt.vmdk

After that, create an ESXi "Other Linux 3.x 32-bit" machine (without CD-ROM, printer, etc.). Remove the SCSI disk, add an IDE disk, and upload the VMDK file you created.

Make sure to set the Ethernet adapter to E1000.

Download a ready-to-use VM here.

Monday, 20 October 2014

Update-me-now killswitch in Java 7

After Java 7 update 17, Sun/Oracle implemented a kill switch that stops an installed Java from working after a specific compiled-in date (roughly 3 months after release), displaying prompts such as

"This version of Java is not secure"

While it is usual to read announcements about new Java exploits every week, this sort of self-punishment is very inconvenient in corporate (aka no internet) environments.

There is a whole thread dedicated to preventing Java from displaying its various "update me" dialogs:
 http://www.symantec.com/connect/forums/how-everyone-addressing-forced-java-dialog-java-update-needed-your-java-version-insecure

Of course you must update Java, but all these prompts are pointless in a corporate environment because the user does not have enough rights to update Java.

Monday, 13 October 2014

Mule business event logging via ServerNotificationListener

Mule CE 3.5.0 does not have any sort of business monitoring, only logs with lots of technical information.

So you must set up your own infrastructure, for example using Graylog2 or Logstash + Kibana.

But first of all, how do you get high-level information about flows and events in your Mule ESB?

1) Do not initialize listeners via registry-bootstrap.properties as described in Start Me Oh So Gently

The MuleContext instance, its internal NotificationManager and that manager's Policy field will be overwritten with a new instance later in the startup process (this only applies to running in standalone mode; somehow, running the flow in the IDE does not produce this behaviour).

2) Use the standard syntax in your flow XML file:

<!-- Bean names must be unique; the class values are placeholders for your own classes -->
<spring:bean name="logger1" class="class implementing MessageProcessorNotificationListener"/>
<spring:bean name="logger2" class="class implementing EndpointMessageNotificationListener"/>

<notifications dynamic="true">
  <!-- Enable delivery of the two event types -->
  <notification event="MESSAGE-PROCESSOR"/>
  <notification event="ENDPOINT-MESSAGE"/>

  <!-- Register each listener bean -->
  <notification-listener ref="logger1"/>
  <notification-listener ref="logger2"/>
</notifications>

I recommend listening to at least these two events (MessageProcessorNotification and EndpointMessageNotification). The first one produces information about a message being processed and sent to outbound endpoints. The second one generates an event with information about a message received from an inbound endpoint.

3) Write the code to extract information from the events
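
A sketch of step 3, added here as an example (not code from the original post or from the Mule project): two listeners that log only event metadata, never payloads, and that strip line breaks and URI credentials before anything reaches the log shipper. The class names and the "business-events" log category are hypothetical; it assumes the Mule 3.5 core and commons-logging jars are on the classpath, and that getSource() can return null on a processor notification.

```java
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mule.api.MuleEvent;
import org.mule.api.MuleMessage;
import org.mule.api.context.notification.EndpointMessageNotificationListener;
import org.mule.api.context.notification.MessageProcessorNotificationListener;
import org.mule.context.notification.EndpointMessageNotification;
import org.mule.context.notification.MessageProcessorNotification;

/** Added example: metadata-only business event loggers (hypothetical class names). */
public class BusinessEventLoggers {
    private static final Log LOG = LogFactory.getLog("business-events");
    // Matches user:password@ in endpoint URIs such as sftp://user:secret@host/in
    private static final Pattern USERINFO = Pattern.compile("//[^/@\\s]+@");

    /** Neutralise CR/LF/TAB (log forging) and mask credentials embedded in URIs. */
    static String clean(Object value) {
        String s = String.valueOf(value).replaceAll("[\\r\\n\\t]", "_");
        return USERINFO.matcher(s).replaceAll("//***@");
    }

    /** Listens for MESSAGE-PROCESSOR notifications; one line per completed processor. */
    public static class ProcessorLogger
            implements MessageProcessorNotificationListener<MessageProcessorNotification> {
        @Override
        public void onNotification(MessageProcessorNotification n) {
            MuleEvent event = n.getSource();
            if (event == null || n.getAction() != MessageProcessorNotification.MESSAGE_PROCESSOR_POST_INVOKE) {
                return; // skip PRE_INVOKE so each processor is logged once
            }
            LOG.info("flow=" + clean(event.getFlowConstruct().getName())
                    + " msgId=" + clean(event.getMessage().getUniqueId())
                    + " processor=" + n.getProcessor().getClass().getSimpleName());
        }
    }

    /** Listens for ENDPOINT-MESSAGE notifications; traffic on inbound and outbound endpoints. */
    public static class EndpointLogger
            implements EndpointMessageNotificationListener<EndpointMessageNotification> {
        @Override
        public void onNotification(EndpointMessageNotification n) {
            MuleMessage message = n.getSource();
            LOG.info("action=" + n.getActionName()
                    + " endpoint=" + clean(n.getEndpoint())
                    + " msgId=" + clean(message.getUniqueId()));
        }
    }
}
```

In the flow XML the nested classes are referenced as BusinessEventLoggers$ProcessorLogger and BusinessEventLoggers$EndpointLogger, prefixed with whatever package you place them in.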

Thursday, 9 October 2014

Moving from technical expertise to nice visual appearance

Nowadays almost every piece of technology published on GitHub or elsewhere is accompanied by a visually appealing startup page with a custom domain, nice URLs, responsive design and such.

Or by a custom-made image at least.

----
Do you remember when the best OSS projects were on bare-content websites?

Pepperidge Farm remembers.
----

While it is nice to see this trend, it can make it difficult to judge the true maturity or effectiveness of a proposed solution. Looking at a good design you might think "Wow, great project!" and only much later realise that the project has bad code decisions and can't be easily extended or modified.

For example, linux-dash, hosted on GitHub.
It looks good, but try adding a custom module yourself (I've tried - you must make changes in 4 files).



 

Wednesday, 8 October 2014

Poor man's jvisualvm on Windows 2008+

If you run Java processes as services on Windows 2008 and later, there is no way to profile them using jvisualvm - you can't connect to them directly.

Yes, you can use JMX or jstatd. But there is a way to gather performance data without all that fuss.

Using psexec (from Sysinternals) you can dump all performance data for all Java processes with one command line:

psexec \\HOST -accepteula -u DOMAIN_USER -p DOMAIN_PASSWORD -h cmd /c for /f "tokens=1" %i in ('%JAVA_HOME%/bin/jps.exe') do jcmd %i PerfCounter.print

It uses jcmd to dump all the information. You must use the same DOMAIN_USER and DOMAIN_PASSWORD that the services run under. Do not run Java services as LocalSystem!

This will produce output like this:

Tuesday, 7 October 2014

Dyn (formerly DynDNS) not-so-free offering DLINKDDNS EOL

Some time ago, DynDNS stopped offering its free DynDNS service.

But there was a workaround. If you registered (with any device) at dlinkddns.com, you could use it on any device you liked.

It was a partnership between D-Link and Dyn.

But not anymore. Dyn now requires everyone to enter a serial number to check whether the device can actually use the DynDNS service. Furthermore, it is only for six months.

So it is time to move to a different dynamic DNS provider.

In fact, it is simply irrelevant which one you use, as long as it gives you ANY hostname and is compatible with your router.

Just set up a DNS CNAME record that redirects from your preferred name to the dynamic DNS name.
And always query by the CNAME you set.

Sunday, 5 October 2014

64-bit Windows binary of Tanuki Software Wrapper

On the original site there is no way to download a 64-bit version for Windows.

One can, of course, compile it manually, but you can save yourself a lot of hassle by just getting the binary.

Today I discovered that the binary distribution of the OSS project Apache ActiveMQ bundles win64 binaries with it.

So grab it from http://activemq.apache.org if you need win64 wrapper binaries.

Friday, 3 October 2014

Shellshock summary

Don't use CGI on the server.

SSH is not vulnerable if you don't give SSH access to strangers.

Client devices are vulnerable (macOS, Linux) because of the DHCP client.

Wednesday, 1 October 2014

Ubuntu upgrade

After the upgrade from 12.04 to 14.04 I lived for months with the old kernel (3.5.x).

The current one (3.13.x) was unable to boot, failing with the error "unable to find root device".

Surprisingly, everything worked OK, except NVIDIA hardware graphics acceleration.

TIL one needs to install linux-image-extra by hand if using a hardware RAID adapter like mpt2sas. In the older distro it was part of the main package.

After apt-get linux-image-extra, update-grub + update-initramfs and a reboot, everything works well.